\section{Design}
\frame
{
\frametitle{Design}

\includegraphics[scale=0.8]{figs/design}


}

\frame
{
\frametitle{Entities}

\begin{itemize}

\item{Web server}


\begin{itemize}
\item Users interact with a web server that produces dynamic content
\item Web content is built from status data (in XML form) reported by many nodes
\item Users can send commands to the nodes via the web service and read the resulting state

\end{itemize}


\item{Nodes}


\begin{itemize}
\item All nodes are always connected to the web server
\item Nodes can connect to each other to exchange data
\item The initiator is always the web server, which provides each node with the IP address of the other
\item The connection between two nodes is terminated after a command is served
\end{itemize}


\end{itemize}

}










\subsection{Security Design}

\frame
{
  \frametitle{Security}



The system should be able to defend against these attacks:

\begin{itemize}

\item \emph{Denial of Service:} Prevent any part of a system from functioning as intended

\item \emph{Disclosure:} Acquisition of sensitive information 

\item \emph{Manipulation:} Modification of system information 

\item \emph{Masquerading:} Gain access to a system by posing as an authorized entity

\item \emph{Replay:} Re-transmission of valid messages under invalid circumstances

\item \emph{Repudiation:} Successful denial of an action


\end{itemize}

}


\frame
{
  \frametitle{Security}

The system should be able to defend against these attacks:

\begin{itemize}

\item<alert@1-> \emph{Denial of Service:} Prevent any part of a system from functioning as intended

\item<alert@1-> \emph{Disclosure:} Acquisition of sensitive information

\item \emph{Manipulation:} Modification of system information

\item \emph{Masquerading:} Gain access to a system by posing as an authorized entity

\item \emph{Replay:} Re-transmission of valid messages under invalid circumstances

\item<alert@1-> \emph{Repudiation:} Successful denial of an action


\end{itemize}

}




\frame
{
\frametitle{Attacker Model}

An attacker...

\begin{itemize}


\item \ldots{}can see every connection/data transfer
\item \ldots{}can replay messages
\item \ldots{}can be in the middle
\begin{itemize}
\item Node - Node
\item Node - Web Server
\item User - Web Server 
\end{itemize}



\end{itemize}

}

\frame
{
\frametitle{Security Model}

Usage of certificates is not enough!

\begin{itemize}

\item Public Key Infrastructure
\item Certificate Authority located within the web server
\item Issues signed X.509 certificates
\item Node-to-node connections use SSL
\item Online Certificate Status Protocol (OCSP)

\end{itemize}

}

\frame
{
  \frametitle{Web Server Security}


\begin{itemize}

\item Web server: in a secure environment

\item Using HTTPS

\item Using signed (MD5) cookies (not yet)

\item URL is encoded (not yet)


\end{itemize}

}
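The slide above lists signed cookies as a planned measure. The following is an added example, not code from the project, showing how a server can sign a session cookie and verify it so that its contents cannot be altered by the client and it cannot be reused after expiry. It uses HMAC-SHA256 in place of the bare MD5 digest named on the slide: an unkeyed hash can be recomputed by anyone who sees the cookie, so it does not authenticate it. The key, the cookie layout and the function names are assumptions of the example.

```python
import hashlib
import hmac
import time
from typing import Optional

# Hypothetical server-side secret (constructed for this example);
# a real deployment loads it from a secret store and never ships it to clients.
SECRET_KEY = b"constructed-example-key-do-not-reuse"


def _mac(payload: bytes) -> str:
    """Keyed MAC over the cookie payload.

    A bare digest such as hashlib.md5(payload) is not a MAC: it needs no secret,
    so a client can recompute it for any payload it likes. HMAC with a server
    secret is what makes the tag unforgeable.
    """
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def make_cookie(user: str, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Build a cookie of the form 'user|expiry|tag'.

    The tag covers both user and expiry, so neither field can be changed
    without invalidating it.
    """
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    current = time.time() if now is None else now
    expiry = int(current) + ttl_seconds
    payload = f"{user}|{expiry}".encode()
    return f"{payload.decode()}|{_mac(payload)}"


def verify_cookie(cookie: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user name if the cookie is authentic and unexpired, else None."""
    parts = cookie.rsplit("|", 2)
    if len(parts) != 3:
        return None
    user, expiry_str, tag = parts
    payload = f"{user}|{expiry_str}".encode()
    # Constant-time comparison: avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(_mac(payload), tag):
        return None
    try:
        expiry = int(expiry_str)
    except ValueError:
        return None
    current = time.time() if now is None else now
    if expiry <= current:
        return None
    return user


if __name__ == "__main__":
    c = make_cookie("alice", ttl_seconds=3600)
    print(c)
    print(verify_cookie(c))                          # alice
    print(verify_cookie(c.replace("alice", "admin")))  # None: tag no longer matches
```

The verifier checks the tag before it even parses the expiry, so malformed or tampered cookies are rejected without the server trusting any field in them.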

\frame
{
\frametitle{Node Security}

\begin{itemize}

\item All nodes are always connected to the web server

\item Every node has the authority's certificate

\item Startup: ask for a signed certificate from the authority (located with the web server)


\item If disconnected then:
\begin{itemize}
\item If the IP address is the same then reconnect
\item If a new IP address is required then ask again for a signed certificate
\end{itemize}



\end{itemize}

}
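The startup and reconnection rules on the slide above, together with the OCSP status check from the Security Model slide, as an added example that is not part of the project's code. It simulates the certificate handling in plain Python: an HMAC over a JSON record stands in for the CA's X.509 signature, the verifying party holds the CA key as a stand-in for the CA certificate every node has, and an in-memory revoked set stands in for OCSP answers. The example also assumes that the old certificate is revoked when a node moves to a new IP address, so that a certificate bound to the old address cannot be presented from it later; the slide does not state this, it is an assumption of the example.

```python
import hashlib
import hmac
import json
from typing import Optional


class CertificateAuthority:
    """Stand-in for the CA co-located with the web server.

    Certificates bind a node identity to the IP address the web server will
    hand out to peers, which is why a node that changes address needs a new one.
    """

    def __init__(self, key: bytes):
        self._key = key              # simulates the CA signing key
        self._revoked = set()        # serials answered 'revoked' by the OCSP stand-in
        self._next_serial = 1

    def issue(self, node_id: str, ip: str) -> dict:
        body = {"serial": self._next_serial, "node": node_id, "ip": ip}
        self._next_serial += 1
        return {"body": body, "sig": self._sign(body)}

    def revoke(self, serial: int) -> None:
        self._revoked.add(serial)

    def status(self, serial: int) -> str:
        """OCSP-like query: 'good' or 'revoked'."""
        return "revoked" if serial in self._revoked else "good"

    def _sign(self, body: dict) -> str:
        canonical = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, canonical, hashlib.sha256).hexdigest()

    def verify(self, cert: dict, peer_ip: str) -> bool:
        """Checks a node runs before accepting a peer: signature valid,
        certificate not revoked, and the certified IP equals the address the
        peer is actually connecting from."""
        body = cert["body"]
        if not hmac.compare_digest(self._sign(body), cert["sig"]):
            return False
        if self.status(body["serial"]) != "good":
            return False
        return body["ip"] == peer_ip


class Node:
    def __init__(self, node_id: str, ip: str):
        self.node_id = node_id
        self.ip = ip
        self.cert: Optional[dict] = None
        self.connected = False

    def startup(self, ca: CertificateAuthority) -> dict:
        """Startup step from the slide: request a certificate for the current address."""
        self.cert = ca.issue(self.node_id, self.ip)
        self.connected = True
        return self.cert

    def reconnect(self, ca: CertificateAuthority, new_ip: str) -> str:
        """Disconnection handling from the slide: same address, reconnect with the
        existing certificate; new address, request a fresh certificate and
        (assumption of this example) revoke the one bound to the old address."""
        self.connected = False
        if new_ip == self.ip:
            self.connected = True
            return "reconnected"
        old_serial = self.cert["body"]["serial"]
        self.ip = new_ip
        self.cert = ca.issue(self.node_id, new_ip)
        ca.revoke(old_serial)
        self.connected = True
        return "reissued"


if __name__ == "__main__":
    ca = CertificateAuthority(b"constructed-ca-key")
    node = Node("node-1", "10.0.0.5")          # constructed sample node
    first = node.startup(ca)
    print(ca.verify(first, "10.0.0.5"))        # True
    print(node.reconnect(ca, "10.0.0.9"))      # reissued
    print(ca.verify(first, "10.0.0.5"))        # False: old certificate revoked
```

A peer that skipped the revocation or address check would still accept the old certificate from the old address, which is the gap the reissue-on-new-IP rule is meant to close.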

\frame
{
\frametitle{Node startup}

\centering
\includegraphics[scale=0.4]{figs/cert_req}

}




\frame
{
\frametitle{Node Communication Design}
\centering
\includegraphics[scale=0.45]{figs/transfer}

}









